Comments:

The Comment Letter is the attachment below.


June 15, 2004

Federal Trade Commission

P.O. Box 1030, Merrifield, VA 22116-1030

Via Electronic Delivery only

http:www.regulations.gov

RE:  FACTA Identity Theft Rule, Matter No. R411011

To Whom It May Concern:

KeyCorp (hereinafter “Key”), one of the nation’s largest bank-based financial services companies with assets of approximately $81 billion, is pleased to comment on the Federal Trade Commission’s proposed “FACTA Identity Theft Rule, Matter No. R411011.” The FTC’s proposal does help to clarify key terms used in Act.  Key would like to offer the following comments, concerns and suggestions:

1.       We support the inclusion of attempted theft in the definition of “identity theft” under the Act.  Allowing a consumer to file an initial identity theft report based on an attempted ID theft affords greater protection for consumers and users of consumer reports.

2.       In general, the current proposed definition of “identity theft” is very broad and would therefore inferentially include instances of attempted theft or use of financial services products that are not currently described or accounted for in the FACT Act.  For example, the FACT Act addresses ID theft risk reduction measures for credit products, debit and credit card issuance, and monitoring inactive loan and deposit accounts.  There are numerous other types of identity theft schemes that are not currently addressed within the scope of the Act.  As a result, a critical question remains:  Will victims of ID theft schemes not specifically addressed in the FACT Act be covered by the protections specified under the Act?  For example, will financial institutions be required to provide documentation in accordance with amended Section 609 of the Fair Credit Reporting Act in instances where an individual claims their checkbook was stolen and the checks were negotiated without the individual’s consent? 

3.       Proposed Section 603.3 of the Fair Credit Reporting Act defines an “Identity Theft Report” to include any additional information or documentation that the information furnisher reasonably requests for determining the validity of the alleged ID theft, so long as the information is requested by the furnisher no later than five days after receipt of the copy of the ID theft report.  We believe it is appropriate to include additional documentation requirements in the definition of “Identity Theft Report.”  However, we are greatly concerned with regard to the timing of the information request by the furnisher or credit reporting agency.  Given the complexity of the financial transactions that may be involved in the ID theft claim, coupled with the number of Identity Theft Reports an institution may receive, we do not believe that five business days is sufficient time to receive the Identity Theft Report, evaluate the transaction information contained in the Report, determine what additional information may be required from the consumer to validate the claim, and request the information from the consumer.  We believe a minimum of fifteen business days is required to properly evaluate and react to an Identity Theft Report responsibly

4.       The proposal with respect to a 12-month duration for active duty alerts is reasonable.  The Notice further states that military personnel who receive extended deployments may add another active duty alert when the first expires if they feel they need additional protection.  Without attempting to create undue hardship for the credit report providers, lengthening the time the active duty alert is initially in place to 18 months would match the length of today’s military deployments.

We would like to thank the Federal Trade Commission for this opportunity to comment.  If you have any questions regarding this comment letter, please contact Cheryl Voigt, Chief Compliance Officer, at (216) 689-5950.

Sincerely,

Cheryl Voigt

Chief Compliance Officer

KeyCorp